These are great additions! Exciting stuff.
We would love to be able to use the Entra connector but unfortunately can’t because IDN is unable to handle (hide) the read-only AD groups AAD has a copy of.
Due to how IDN learns about entitlements during account aggregation, even if we set an entitlement filter on the Entra source to not include on-premises AD groups, all of our on-premises (replicated) AD groups are being pulled in anyway (because they are listed on the accounts).
These read-only duplicate entitlements add lots of noise to our Access History and confuse our Certifiers. These entitlements are not AAD entitlements; they are mastered in AD and are read-only in AAD.
At this point I believe I have to wait for a platform change before we can start using IDN with Entra/AAD. Disappointing because we have lots of interesting ideas on IDN + Entra.
More details we (and others) are experiencing with IDN that are slowing/preventing customers from using IDN + Entra.
Someone else made an Idea post about it: Sailpoint better handling of hybrid joined | SailPoint Ideas Portal